REAL PARTIES IN INTEREST

The real party in interest in this appeal is the following party: International Business Machines
Corporation.

RELATED APPEALS AND INTERFERENCES

With respect to other appeals or interferences that will directly affect, or be directly affected by,
or have a bearing on the Board's decision in the pending appeal, there are no such appeals or
interferences.

STATUS OF CLAIMS

A. TOTAL NUMBER OF CLAIMS IN APPLICATION

Claims in the application are: 1 through 14. 

B. STATUS OF ALL THE CLAIMS IN APPLICATION 

1. Claims canceled: None.

2. Claims withdrawn from consideration but not canceled: None. 

3. Claims pending: 1 through 14.

4. Claims allowed: None. 

5. Claims rejected: 1 through 14. 

C. CLAIMS ON APPEAL

The claims on appeal are: 1 through 14.

STATUS OF AMENDMENTS

An amendment was filed after the final rejection of April 22, 2004. The advisory action of 
August 9, 2004 states that the amendment was not entered.

SUMMARY OF CLAIMED SUBJECT MATTER

A. CLAIMS 1, 5 and 7 - INDEPENDENT

Claim 1 is directed to a method of preventing a flood attack on a network server.
Specification p. 1, ll. 7-10. A flooding attack on a network server includes sending an
overwhelming number of datagrams to a server. Specification p. 1, l. 12 through p. 2, l. 2. The
effect of the attack may cause the server to crash or to deny service to datagrams considered
legitimate by the user of the server. Specification p. 2, ll. 2-8.

The claimed method addresses the problem of flooding attacks by determining how many 
datagrams are queued at a port on a network server and discarding queued datagrams when the 
number of queued datagrams exceeds a prescribed number. Specification p. 3, ll. 3-16. By
analogy, the claimed method throws out legitimate datagrams along with illegitimate datagrams in
order to preserve the server's capability of addressing some legitimate datagrams.

Specifically, the method determines, in response to a datagram received from a host for the
port on the network server, whether the number of connectionless datagrams queued to a port on a
server exceeds a prescribed threshold, discards the datagram if the number of datagrams already
queued to the port exceeds the prescribed threshold and queues the datagram to a port on the server
if the number of datagrams already queued to the port does not exceed the prescribed threshold.
Specification p. 3, ll. 11-16; Figure 1.

Independent claims 5 and 7 contain the same patentable features. Claim 5 is directed to 
storage media containing program code for carrying out the method. Claim 7 is directed to a carrier 
wave containing programming code operable by the network server to carry out the method.

B. CLAIM 3 - INDEPENDENT

Claim 3 is directed to an apparatus for preventing a flood attack on a network server.
Specification p. 1, ll. 7-10. The apparatus includes means for determining, in response to a
datagram from a host for the port on the network server, if the number of datagrams queued on the
port by the host exceeds a prescribed threshold; means responsive to the determining means for
discarding the datagram, if the number of datagrams queued on the port by the host exceeds the
prescribed threshold; and means for queuing the datagram to a queue slot of the port, if the number
of datagrams queued on the port by the host does not exceed the prescribed threshold. Specification
p. 4, l. 21 through p. 7, l. 6. (The means includes a network server, which includes at least one
processor, network communication software and at least one data port.)

C. CLAIM 4 - DEPENDENT ON CLAIM 3

Claim 4 further limits claim 3 by specifying that the means for determining further
comprises means for calculating the prescribed threshold by multiplying a percentage P by a
number of available queue slots for the port. Specification p. 6, ll. 14-26. (The means includes a
network server, which includes at least one processor, network communication software and at least
one data port.)

D. CLAIM 12 - DEPENDENT ON CLAIM 3 

Claim 12 further limits claim 3 by including a means for configuring a maximum number of 
connectionless datagrams allowed to be queued at the port. Specification p. 4, l. 21 through p. 7, l.
6. (The means includes a network server, which includes at least one processor, network
communication software and at least one data port.) 

E. CLAIM 13 - DEPENDENT ON CLAIM 12 

Claim 13 further limits claim 12 by specifying that the means for configuring further
comprises a controlling percentage of available queue slots remaining for the port. Specification p.
6, ll. 14-26.

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL

A. GROUND OF REJECTION 1 (Claims 1 through 10 and 12 through 14) 

Claims 1 through 10 and 12 through 14 stand rejected under 35 U.S.C. § 103(a) as obvious 
over Wesinger, Jr. et al., Firewall Providing Enhanced Network Security and User Transparency,
U.S. Patent 6,052,788 (Apr. 18, 2000) in view of Reid, et al., System and Method for Controlling
Interactions Between Networks, U.S. Patent 6,182,226 (Jan. 30, 2001).

B. GROUND OF REJECTION 2 (Claim 11) 

Claim 11 stands rejected under 35 U.S.C. § 103(a) as obvious over Wesinger and Reid in
view of Bechtolsheim, et al., Per-Flow Dynamic Buffer Management, U.S. Patent 6,515,963 (Feb.
4, 2003).

ARGUMENT

A. GROUND OF REJECTION 1 (Claims 1 through 10 and 12 through 14)

A.1. Claim 1

A.1.1. Technology Reflected in Claim 1

Claim 1 is directed to a method of preventing a flood attack on a network server.
Specification p. 1, ll. 7-10. A flooding attack on a network server includes sending an
overwhelming number of datagrams to a server. Specification p. 1, l. 12 through p. 2, l. 2. The
effect of the attack may cause the server to crash or to deny service to datagrams considered
legitimate by the user of the server. Specification p. 2, ll. 2-8. The claimed method addresses the
problem of flooding attacks by determining how many datagrams are queued at a port on a network
server and discarding queued datagrams when the number of queued datagrams exceeds a
prescribed number. Specification p. 3, ll. 3-16. By analogy, the claimed method throws out the
legitimate datagrams along with the illegitimate datagrams in order to preserve the server's
capability of addressing some legitimate datagrams.

A.1.2. Summary of the Rejection 

The thrust of the rejection of claim 1 is that Wesinger shows the claimed methods and
devices, except for specifying that the disclosed methods and devices can be used to prevent
flooding attacks, that Reid discusses preventing flooding attacks and that it would have been
obvious to use Wesinger's methods and devices to prevent flooding attacks because Reid states that
firewalls have become a key tool in controlling the flow of data in order to protect against malicious
activities. However, the rejections are based on a fundamentally flawed reading of Wesinger and on a
flawed motivation to combine the references. As shown below, every statement the Examiner
makes regarding what Wesinger teaches in relation to the claim language at issue is incorrect.
Thus, the proposed combination does not result in the claimed inventions. In addition, the offered
motivation is insufficient to sustain an obviousness rejection. Thus, the Examiner has failed to state
prima facie obviousness rejections. Furthermore, Wesinger teaches against the claims and no
motivation exists to combine or modify the references in a way that would meet the claimed
inventions. Therefore, claims 1 through 10 and 12 through 14 are non-obvious.

A.1.3. Standard for Obviousness Rejections

A proper prima facie case of obviousness must be supported by some teaching,
suggestion or incentive supporting the combination. Obviousness cannot be established by
combining the teachings of the prior art to produce the claimed invention absent some teaching,
suggestion or incentive supporting the combination. In re Geiger, 815 F.2d 686, 688, 2
U.S.P.Q.2d 1276, 1278 (Fed. Cir. 1987).

Applicants respectfully submit that the references cited cannot be combined to produce 
the claimed invention because neither Wesinger nor Reid give any teaching, suggestion, or
incentive to perform any of the claimed steps or make any of the claimed devices. As shown 
below, the Examiner has not pointed out any teaching, suggestion, or incentive in the prior art to 
perform any of the claimed steps or make any of the claimed devices. 

A.1.4. The Examiner Fails To Point Out Any Teaching, Suggestion or Incentive in
the Prior Art to Perform Any of the Claimed Steps or Make Any of
the Claimed Devices

A.1.4.1. The Examiner's First Characterization of Claim 1 in the Light of Wesinger is
Incorrect

Regarding claim 1, the Examiner states that the claimed phrase, "in which a large number of
connectionless datagrams are received for queuing to a port on the network server, comprising:" is
shown in Wesinger, col. 3, ll. 55-64. The Examiner specifically quotes that, "Both
connection-oriented (e.g. TCP) and connectionless (e.g. UDP-based) services may be handled using envoys."
The examiner's characterization that the quoted language in Wesinger discloses the claim
language is incorrect. An envoy is a word used by Wesinger to mean "An intervening program that
functions as a transparent applications gateway." Wesinger, col. 5, ll. 37-38. Thus, an envoy is like
a proxy server, which is a program or computer that emulates the main server in order to protect the
main server from attack. Wesinger's envoy system, by his own description, is a firewall.
Wesinger, col. 6, ll. 12-13. A firewall exists outside a server and prevents illegitimate datagrams
from entering a port on a server in the first place. In contrast, the claimed method deals with
managing datagrams that actually reach a port on the server. Although Wesinger claims that his
"envoys" can handle connectionless services (connectionless datagrams), Wesinger does not show
or suggest the process of managing connectionless datagrams queuing at a server port. Instead, one
of ordinary skill would understand that Wesinger's firewall identifies illegitimate datagrams before
they reach the server; thus, the text cited by the Examiner does not disclose the claim language at
issue. In addition, Wesinger never discloses managing datagrams queued at a port on a server.
Reid fails to cure the lack of disclosure in Wesinger. Thus, the proposed combination does not
result in the claimed invention.

A.1.4.2. The Examiner's Second Characterization of Claim 1 in the Light of Wesinger
is Incorrect

The Examiner then states that the claimed phrase, "determining, in response to the arrival of
a connectionless datagram from a host for a port on the network server, if the number of
connectionless datagrams already queued to the port from the host exceeds a prescribed threshold"
is shown in Wesinger, col. 14, ll. 22-31. The Examiner specifically quotes:

The firewall is capable of servicing many simultaneous connections. The
number of allowable simultaneous connections is configurable and may be
limited to a predetermined number, or may be limited not by number but only by
the load currently experienced by the physical machine.

Wesinger, col. 14, ll. 22-27.

The examiner's characterization that the quoted language in Wesinger discloses the claim
language is manifestly incorrect. The claim language at issue is directed towards determining if the
number of datagrams already queued to a port exceeds a prescribed threshold. Thus, the method
reflected by the claim language may be characterized by the following schematic, which shows a
maximum number of datagrams queued at a port, where the maximum is set by the threshold:

[Schematic: Datagrams queued at a Server Port, up to the Threshold]

(This schematic is a non-limiting example of how the claimed invention functions.)

On the other hand, the cited text in Wesinger describes the number of connections his
firewall will allow to be made to the server. In other words, Wesinger is discussing how many
client computers can simultaneously connect to the server through the firewall. Thus, Wesinger's
disclosure may be characterized by the following schematic:

[Schematic: several groups of Clients connecting to a Server]

Wesinger merely limits the number of clients that simultaneously and directly connect
through the firewall to the server, and is unconcerned with the number of queued connectionless
datagrams at a server port. Given that each client connection is a direct connection (as opposed to
dealing with the claimed connectionless datagrams), it is clear that Wesinger is utterly devoid of
disclosure regarding the claimed inventions. Reid fails to cure the lack of disclosure in Wesinger in
this regard. Accordingly, the proposed combination does not result in the claimed invention.

A.1.4.3. The Examiner's Characterization that Connectionless-Based 
Communications and Connection-Based Communications Can Be 
Addressed in the Same Manner Is Incorrect 

Regarding the difference between connection-based and connectionless-based
communications, in the Advisory Action of August 9, 2004, the Examiner states, "it is obvious in
the art that 'connection' and 'connectionless' diagrams can be addressed in the same manner." The
examiner points to the text book by R. Richard Stevens, TCP/IP Illustrated, and quotes as follows:

IP is the workhouse protocol of the TCP/IP protocol suite. All TCP, UDP,
ICMP and IGMP data gets transmitted as IP datagrams... A fact that amazes
many newcomers to TCP/IP... is that IP provides an unreliable, connectionless
datagram delivery service. The term connectionless means that IP does not
maintain any state information about successive datagrams. Each datagram is
handled independently from all other datagrams...

Advisory Action of August 9, 2004.

Again, the Examiner's characterization of the reference is manifestly incorrect. On its face
the text simply does not support the Examiner's assertion. Stevens describes how connectionless
datagrams are created and transmitted and does not discuss direct connections in the cited text.

Anyone of ordinary skill in the art knows that direct connections are a reliable method of
transmitting data because a direct connection is established between the server and the client. On
the other hand, when connectionless datagrams are used to send information from a client to a host,
data is broken into packets that can take many different paths to reach the final destination. No
direct connection exists between the client and the server. Each packet can travel through many
routers or routing computers before arriving at its destination. Each packet is handled
independently and can take different paths. After all the packets are received, the packets are then
reassembled at the receiving computer. Because many paths can, and usually are taken, packets can
become lost or corrupted. Thus, connectionless datagrams are said to be unreliable.
Connectionless datagrams are controlled by TCP/IP (Transmission Control Protocol/Internet
Protocol). TCP deals with breaking the data into packets and reassembling them. IP deals with
routing the data packets to the proper destination.

The fundamental difference between how connection-based and connectionless-based
communication systems operate emphasizes the vast differences between the firewall described in
the cited text in Wesinger, which handles direct connections in the text primarily cited by the
Examiner, and the claimed method, which manages connectionless datagrams queuing at a server
port. Thus, again, the proposed combination does not result in the claimed invention.

A.1.4.4. The Examiner's Third Characterization of Claim 1 in the Light of Wesinger is 
Incorrect 

Returning to the rejection of claim 1, the Examiner then states that the claimed phrase,
"discarding the datagram, if the number of connectionless datagrams already queued to the port
from the host exceeds the prescribed threshold" is disclosed in Wesinger, col. 14, ll. 36-37. The
cited text provides that, "the firewall selectively allows and denies connections to implement a
network security policy."

The examiner's characterization that the quoted language in Wesinger discloses the claim
language is manifestly incorrect. As shown above, Wesinger shows that his firewall allows or
disallows direct connections between client computers and the server based on the identity of the
clients. Even if Wesinger's firewall were handling connectionless datagrams, Wesinger would
address managing the datagrams with the firewall before they reach the server. Wesinger is
devoid of disclosure regarding discarding datagrams once they actually reach the server port. Reid
fails to cure the lack of disclosure in Wesinger in this regard. Accordingly, the proposed
combination does not result in the claimed inventions.

A.1.4.5. The Examiner's Fourth Characterization of Claim 1 in the Light of Wesinger
is Incorrect

The Examiner then states that the claimed phrase, "queuing the connectionless datagram to
a queue slot of the port, if the number of connectionless datagrams already queued to the port from
the host does not exceed the prescribed threshold" is disclosed in Wesinger, col. 7, ll. 1-4. The cited
text provides that, "The connection, once established, is fully bi-directional, with the same virtual
host passing data between the originating network connection and the network connection at the
opposite edge of the firewall."

The examiner's characterization that the quoted language in Wesinger discloses the claim
language is manifestly incorrect. Wesinger describes bi-directional, direct connection through the
virtual host between the originating network connection and the network connection at the opposite
edge of the firewall. See Wesinger col. 6, ll. 61-65 through col. 7, ll. 1-4; see also Wesinger Fig. 1.
On the other hand, the claim language at issue describes queuing a connectionless datagram to a
queue slot on a server port if the number of datagrams already queued do not exceed the prescribed
threshold. The claimed method of queuing connectionless datagrams at a server port is alien to
Wesinger's method of establishing direct connections within a firewall. Reid fails to cure the lack
of disclosure in Wesinger in this regard. Accordingly, the proposed combination fails to result in
the claimed inventions.

A.1.4.6. The Examiner's Failure to Logically Connect the Cited Reference to Claim 1
Mandates that the Proposed Combination Does Not Result in the
Claimed Invention

The failure of the Examiner to logically connect the cited text to any of the language of
claim 1 belies the Examiner's fundamental misunderstanding of both Wesinger and the claimed
technology. Claim 1 is directed to a method of queuing and discarding connectionless datagrams
received at a port on a server. Wesinger shows a modified proxy-type firewall, which prevents
unauthorized connections (or unauthorized datagrams) from reaching a server in the first place. In
addition, the method of claim 1 discards datagrams regardless of whether the datagrams are
authorized or not. Firewalls, including the one shown in Wesinger, attempt to identify incoming
connections or incoming datagrams and deny access to connections (or datagrams) that do not meet
certain identification criteria. Although Wesinger does show that the number of direct connections
to the firewall may be limited, Wesinger is silent regarding handling datagrams that ultimately
reach a port on a server. Thus, even if the Wesinger firewall was somehow modified to protect
against flooding attacks, it would do so in a completely different manner than the claimed method.
Reid also only deals with firewalls. Although Reid does mention the term "flooding attack," Reid
does not cure the lack of disclosure in Wesinger in this regard. Because none of the claim
limitations are shown in either Wesinger or Reid, the proposed combination does not result in the
invention of claim 1.

A.1.4.7. An Inherent Weakness in the Cited Art Emphasizes that the Proposed
Combination Does Not Result in the Claimed Invention

The difference between the method of the proposed combination and the claimed method is
emphasised by an inherent weakness in the method of the proposed combination. Perpetrators of
malicious flooding attacks often forge the identity of the client computer from which a flooding
attack is sent. Thus, datagrams sent from a client computer can "appear" to originate from an
authorized client. In other words, the datagrams have a forged identity and may be considered
forged datagrams. When a server protected by the Wesinger firewall is attacked by a flood of
forged datagrams, the firewall will allow the flood of data to pass through the firewall because the
firewall believes that all of the forged datagrams are authorized. Accordingly, the server would be
overwhelmed despite the presence of the Wesinger firewall. On the other hand, the claimed
method discards both authorized and unauthorized datagrams if the total number of queued
datagrams exceeds the claimed threshold. Thus, a server protected by the claimed method will not
be overwhelmed even if subject to a severe flooding attack of forged datagrams. (By analogy, the
claimed method "throws out the good with the bad" whereas Wesinger, Reid and other firewalls
attempt to "separate the good from the bad.") The difference between the method of claim 1 and
the method of the proposed combination emphasizes that Wesinger cannot disclose the claimed
method. Similarly, Reid shows a firewall and suffers from the same weakness. Because Reid does
not cure the lack of disclosure in Wesinger, the proposed combination does not result in the claimed
inventions.
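
The contrast drawn above, between admitting datagrams by sender identity and the claimed per-host queue threshold (claim 1, with the claim 4 calculation of the threshold as P times the available queue slots), can be run as a small model. This is an added Python illustration, not code from the application or the cited patents; it assumes "available queue slots" means slots currently free, and the addresses, rates and queue size are constructed.

```python
from collections import Counter, deque

MAX_SLOTS = 64         # constructed: queue slots configured for the port
SERVICE_PER_TICK = 8   # constructed: datagrams the server drains per tick
LEGIT = ("192.0.2.10", "192.0.2.11")   # constructed legitimate clients
SPOOFED = "192.0.2.12"                 # flood source presenting an authorized identity
AUTHORIZED = set(LEGIT) | {SPOOFED}    # what an identity-based filter would let through


class PortQueue:
    """Bounded queue of connectionless datagrams for one server port."""

    def __init__(self, max_slots, percent=None, authorized=None):
        self.max_slots = max_slots
        self.percent = percent        # P; None disables the threshold check
        self.authorized = authorized  # identity filter; None disables it
        self.queue = deque()
        self.per_host = Counter()     # datagrams currently queued, per sending host
        self.peak = 0

    def admit(self, host):
        """Queue one datagram from host; return True if queued, False if discarded."""
        if self.authorized is not None and host not in self.authorized:
            return False              # firewall-style decision: who sent it
        if len(self.queue) >= self.max_slots:
            return False              # no slot left at all
        if self.percent is not None:
            # Assumption: threshold = P * slots currently free (one reading of claim 4).
            available = self.max_slots - len(self.queue)
            if self.per_host[host] > self.percent * available:
                return False          # discarded whether or not the host is authorized
        self.queue.append(host)
        self.per_host[host] += 1
        self.peak = max(self.peak, len(self.queue))
        return True

    def service(self, n):
        """Server application reads up to n datagrams from the port (FIFO)."""
        for _ in range(min(n, len(self.queue))):
            self.per_host[self.queue.popleft()] -= 1


def simulate(port, ticks=50, flood_rate=40):
    """Each tick: the flood arrives, then one datagram per legitimate host, then service."""
    queued = Counter()
    for _ in range(ticks):
        for _ in range(flood_rate):
            queued[SPOOFED] += int(port.admit(SPOOFED))
        for host in LEGIT:
            queued[host] += int(port.admit(host))
        port.service(SERVICE_PER_TICK)
    return {
        "legit_sent": ticks * len(LEGIT),
        "legit_queued": sum(queued[h] for h in LEGIT),
        "flood_sent": ticks * flood_rate,
        "flood_queued": queued[SPOOFED],
        "peak_depth": port.peak,
    }


def run_identity_filter_only():
    # The forged sender passes the identity check, so only the queue size limits it.
    return simulate(PortQueue(MAX_SLOTS, percent=None, authorized=AUTHORIZED))


def run_per_host_threshold():
    # Same identity check, plus the per-host threshold with P = 25%.
    return simulate(PortQueue(MAX_SLOTS, percent=0.25, authorized=AUTHORIZED))


if __name__ == "__main__":
    print("identity filter only:", run_identity_filter_only())
    print("per-host threshold  :", run_per_host_threshold())
```

In this model the identity filter alone lets the flood fill every slot after the first tick, while the threshold caps the flooding host's share of the queue and the legitimate hosts keep getting queue slots.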

Because the Examiner has not pointed out any teaching, suggestion, or incentive in the 
cited references to perform any of the claimed steps or make any of the claimed devices, the 
Examiner has failed to state a prima facie obviousness rejection. Accordingly, Applicants 
respectfully request that the rejection be overturned and the claims allowed.

A.1.5. No Motivation Exists to Combine the References

A.1.5.1. A Pre-Existing Motivation to Combine the References Must Exist in Order To 
Establish a Prima Facie Obviousness Rejection 

The mere fact that the prior art could be readily modified to arrive at the claimed invention 
does not render the claimed invention obvious; the prior art must suggest the desirability of such a 
modification. In re Ochiai, 71 F.3d 1565, 1570, 37 U.S.P.Q.2d 1127, 1131 (Fed. Cir. 1996); In re
Gordon, 733 F.2d 900, 903, 221 U.S.P.Q. 1125, 1127 (Fed. Cir. 1984). Merely stating that the
modification would have been obvious to one of ordinary skill without identifying an incentive or 
motivation for making the proposed modification is insufficient to establish a prima facie case. 

A.1.5.2. No Motivation Exists To Combine the Cited Art

The complete lack of disclosure in Wesinger and Reid regarding the claimed method shows
that the claimed method is utterly unsuggested in the known references. Furthermore, the claimed
method is not suggested in the art. Thus, it is not possible to create a motivation to combine the
references in a way that meets the claimed invention. Accordingly, the claims are non-obvious in
view of Wesinger and Reid.

A.1.5.3. The Examiner Has Failed to Provide a Motivation To Combine the Cited Art

Further regarding a motivation to combine the references, the Examiner contends that the
proposed combination is obvious because it would be obvious to modify a firewall to protect
against flooding attacks. The statement makes no sense because firewalls prevent unauthorized
connections or unauthorized datagrams from reaching the server in the first place. Thus, firewalls
already defend against flooding attacks, though in a manner distinct from the claimed method.
Accordingly, it makes no sense to state that it would be obvious to modify firewalls to protect
against flooding attacks.

The Examiner attempts to bolster the assertion by quoting that, "firewalls have become a 
key tool in controlling the flow of data" and that users experience "increased vulnerability to
malicious activities." These facts might motivate one to modify existing firewalls in a manner
suggested by the prior art. However, the mere existence of a serious problem cannot motivate one
of only ordinary skill to completely depart from the prior art and propose an otherwise unsuggested
solution (especially when the solution calls for discarding authorized datagrams along with the
unauthorized datagrams.) Thus, the Examiner failed to provide a motivation to combine the
references. Accordingly, the Examiner failed to state a prima facie obviousness rejection of claim
1.

A.1.6 Wesinger Teaches Away from Claim 1 

For similar reasons, Wesinger teaches away from claim 1. Wesinger, like most firewall
devices, teaches that incoming datagrams and direct connections should be identified so that
authorized datagrams and authorized connections may be allowed through the firewall and
unauthorized datagrams and unauthorized connections may be excluded from the firewall. See
Wesinger col. 3, ll. 60-62, "No traffic can pass through the firewall unless the firewall has
established an envoy for that traffic." (The envoy establishes a transparent proxy for the server.)
See also col. 1, ll. 12-17, "The present invention relates to computer network security and more
particularly to firewalls, i.e., a combination of computer hardware and software that selectively
allows 'acceptable' computer transmissions to pass through it and disallows other non-acceptable
computer transmissions." One of ordinary skill, upon reading Wesinger, might be motivated to
create a device that selectively allows "authorized" datagrams to pass to a server. Wesinger would
motivate one of ordinary skill to avoid discarding both authorized and unauthorized datagrams
because doing so defeats the purpose of a firewall, which is to identify and allow authorized
transmissions. Because Wesinger teaches away from claim 1, claim 1 is non-obvious.

A.2. Claim 2

Regarding claim 2, the proposed combination does not result in the claimed invention. The
Examiner contends that Wesinger discloses the claimed step of calculating the prescribed threshold
by multiplying a percentage P by the number of available queue slots for the port. The Examiner
points to Wesinger, col. 14, ll. 22-31, which describes that the number of connections to the
firewall may be limited. As pointed out with the above schematic drawings, Wesinger does not
disclose managing datagrams at a server port as claimed, but rather discloses limiting direct
connections between client computers and a firewall. Wesinger is devoid of disclosure regarding
the subject matter of claim 2 and Reid fails to cure the lack of disclosure in Wesinger. Thus, the
proposed combination does not result in the claimed invention. For similar reasons, claim 2 is
independently patentable over the proposed combination.

A.3. Claim 3

Regarding claim 3, the proposed combination does not result in the claimed invention. The
Examiner contends that claim 3 is directed to the apparatus of the method of claim 1 and is rejected
under the same rationale. As pointed out with the above schematic drawings, Wesinger does not
disclose a device for managing datagrams at a server port as claimed, but rather discloses limiting
direct connections between client computers and a firewall. Wesinger is devoid of disclosure
regarding the subject matter of claim 3 (apparatus for preventing a flood attack, including means for
queuing a datagram to a queue slot of a server port if the number of datagrams queued on the port
by the host does not exceed a prescribed threshold) and Reid fails to cure the lack of disclosure in
Wesinger. Thus, the proposed combination does not result in the claimed invention. For similar
reasons, claim 3 is independently patentable over the proposed combination.

A.4. Claim 4

Regarding claim 4, the proposed combination does not result in the claimed invention. The 
Examiner contends that claim 4 is directed to similar subject matter of the apparatus of claim 1 and 
is rejected under the same rationale. As pointed out with the above schematic drawings, Wesinger 
does not disclose a device for managing datagrams at a server port as claimed, but rather discloses 
limiting direct connections between client computers and a firewall. Wesinger is devoid of
disclosure regarding the subject matter of claim 4 (means for calculating the prescribed threshold by
multiplying a percentage P by a number of available queue slots for the port) and Reid fails to cure
the lack of disclosure in Wesinger. Thus, the proposed combination does not result in the claimed
invention. For similar reasons, claim 4 is independently patentable over the proposed combination.

A.5. Claim 5

Regarding claim 5, the proposed combination does not result in the claimed invention. The
Examiner contends that claim 5 is directed to storage media containing program code of the method
of claim 1 and is rejected under the same rationale. As pointed out with the above schematic
drawings, Wesinger does not disclose a device for managing datagrams at a server port as claimed,
but rather discloses limiting direct connections between client computers and a firewall. Wesinger
is devoid of disclosure regarding the subject matter of claim 5 (storage media containing code to
perform a method similar to claim 1) and Reid fails to cure the lack of disclosure in Wesinger.
Thus, the proposed combination does not result in the claimed invention. For similar reasons,
claim 5 is independently patentable over the proposed combination.

A.6. Claim 6 

Regarding claim 6, the proposed combination does not result in the claimed invention. The 
Examiner contends that claim 6 incorporates substantially similar subject matter as recited in claim 
2 and is rejected under the same rationale. As pointed out with the above schematic drawings, 
Wesinger does not disclose a device for managing datagrams at a server port as claimed, but rather 
discloses limiting direct connections between client computers and a firewall. Wesinger is devoid
of disclosure regarding the subject matter of claim 6 (storage media containing code for calculating
the prescribed threshold by multiplying a percentage P by a number of available queue slots for the
port) and Reid fails to cure the lack of disclosure in Wesinger. Thus, the proposed combination
does not result in the claimed invention. For similar reasons, claim 6 is independently patentable
over the proposed combination.

A.7. Claim 7 

Regarding claim 7, the proposed combination does not result in the claimed invention. The 
Examiner contends that claim 7 is directed to a carrier wave containing program code of the method 
of claim 1 and is rejected under the same rationale. As pointed out with the above schematic 
drawings, Wesinger does not disclose a device for managing datagrams at a server port as claimed, 
but rather discloses limiting direct connections between client computers and a firewall. Wesinger 
is devoid of disclosure regarding the subject matter of claim 7 (a carrier wave containing program 
code for performing steps similar to claim 1) and Reid fails to cure the lack of disclosure in 
Wesinger. Thus, the proposed combination does not result in the claimed invention. For similar 
reasons, claim 7 is independently patentable over the proposed combination. 

A.8. Claim 8 

Regarding claim 8, the proposed combination does not result in the claimed invention. The 
Examiner contends that claim 8 incorporates substantially similar subject matter as in claim 2 and is 
rejected under the same rationale. As pointed out with the above schematic drawings, Wesinger 
does not disclose a device for managing datagrams at a server port as claimed, but rather discloses 
limiting direct connections between client computers and a firewall. Wesinger is devoid of 
disclosure regarding the subject matter of claim 8 (a carrier wave containing code for calculating 
the prescribed threshold by multiplying a percentage P by a number of available queue slots for the 
port) and Reid fails to cure the lack of disclosure in Wesinger. Thus, the proposed combination 
does not result in the claimed invention. For similar reasons, claim 8 is independently patentable 
over the proposed combination. 

A.9. Claim 9 

Regarding claim 9, the proposed combination does not result in the claimed invention. The 
Examiner contends that the claimed phrase, "...configuring a maximum number of connectionless 
datagrams allowed to be queued at the port" is taught by Wesinger in col. 14, ll. 22-31, which 
provides that the firewall is capable of serving many simultaneous connections. As pointed out 
with the above schematic drawings, Wesinger does not disclose a device for managing datagrams at 
a server port as claimed, but rather discloses limiting direct connections between client computers 
and a firewall. Wesinger is devoid of disclosure regarding the subject matter of claim 9 
(configuring a maximum number of connectionless datagrams allowed to be queued at the port) and 
Reid fails to cure the lack of disclosure in Wesinger. Thus, the proposed combination does not 
result in the claimed invention. For similar reasons, claim 9 is independently patentable over the 
proposed combination. 

A.10 Claim 10 

Regarding claim 10, the proposed combination does not result in the claimed invention. 
The Examiner points to the same text in Wesinger (col. 14, ll. 22-31) to support the rejection. As 
pointed out with the above schematic drawings, Wesinger does not disclose a device for managing 
datagrams at a server port as claimed, but rather discloses limiting direct connections between client 
computers and a firewall. Wesinger is devoid of disclosure regarding the subject matter of claim 10 
(wherein the prescribed threshold of claim 9 is based on the controlling percentage of available 
queue slots remaining for the port) and Reid fails to cure the lack of disclosure in Wesinger. Thus, 
the proposed combination does not result in the claimed invention. For similar reasons, claim 10 is 
independently patentable over the proposed combination. 

A.11 Claim 12 

Regarding claim 12, the proposed combination does not result in the claimed invention. 
The Examiner contends that claim 12 incorporates substantially similar subject matter as in claim 9 
and is rejected under the same rationale. As pointed out with the above schematic drawings, 
Wesinger does not disclose a device for managing datagrams at a server port as claimed, but rather 
discloses limiting direct connections between client computers and a firewall. Wesinger is devoid 
of disclosure regarding the subject matter of claim 12 (means for configuring a maximum number 
of connectionless datagrams allowed to be queued at the port) and Reid fails to cure the lack of 
disclosure in Wesinger. Thus, the proposed combination does not result in the claimed invention. 
For similar reasons, claim 12 is independently patentable over the proposed combination. 

A.12 Claim 13 

Regarding claim 13, the proposed combination does not result in the claimed invention. 
The Examiner contends that claim 13 incorporates substantially similar subject matter as in claim 
10 and is rejected under the same rationale. As pointed out with the above schematic drawings, 
Wesinger does not disclose a device for managing datagrams at a server port as claimed, but rather 
discloses limiting direct connections between client computers and a firewall. Wesinger is devoid 
of disclosure regarding the subject matter of claim 13 (the means for configuring further comprises 
configuring a controlling percentage of available queue slots remaining for the port) and Reid fails 
to cure the lack of disclosure in Wesinger. Thus, the proposed combination does not result in the 
claimed invention. For similar reasons, claim 13 is independently patentable over the proposed 
combination. 

A.13 Claim 14 

Regarding claim 13, the proposed combination does not result in the claimed invention. 
The Examiner contends that the claimed phrase, "wherein the computer is the network server" is 
taught in Reid, col. 3, ll. 1-8 and specifically quotes, "workstations 40 communicate through 
firewall 34 with servers or workstations on external network 36 and with server 42 on network 44." 
As pointed out with the above schematic drawings, Wesinger does not disclose a device for 
managing datagrams at a server port as claimed, but rather discloses limiting direct connections 
between client computers and a firewall. Reid fails to cure the lack of disclosure in Wesinger and 
the fact that Reid discloses the term "network server" is irrelevant to the underlying patentability of 
claim 14. Thus, the proposed combination does not result in the claimed invention. For similar 
reasons, claim 14 is independently patentable over the proposed combination. 



B. GROUND OF REJECTION 2 (Claim 11) 

The rejection of claim 11 relies on the combination of Wesinger (U.S. Patent 6,052,788), 
Reid (U.S. Patent 6,182,226) and Bechtolsheim (U.S. Patent 6,515,963). The rejection rests on the 
Examiner's characterization of Wesinger, which as pointed out with respect to claim 1 is 
fundamentally flawed. The combination of Wesinger and Reid cannot show the limitations of 
independent claim 1, upon which claim 11 depends. In addition, Bechtolsheim shows a dynamic 
buffer management scheme, wherein the header information for each packet is mapped into an 
entry in a flow table. Data packets are enqueued in or dropped from a buffer based on the header 
information. Bechtolsheim is cumulative to Wesinger in the sense that data packets are identified 
and sorted according to information in the packet. Thus, Bechtolsheim does not cure the lack of 
disclosure in Wesinger. Because none of the references show or suggest the claimed invention, it is 
not possible to show a teaching, suggestion or incentive supporting the combination under the 
standards of In re Geiger. Accordingly, obviousness cannot be established. 

In addition, the Examiner states that it would have been obvious to combine the references 
to include a means to maintain queue slots available in a port. The proposed motivation to make 
the modification is "to compensate for the different types of internetworking traffic or flows 
presented to the router/switching device... Buffer manager 25 and port scheduler 50 are also 
implemented." 

However, the proposed motivation is irrelevant to claim 11. Claim 11 is directed to the 
method of claim 1 wherein the port comprises a plurality of queue slots and the method further 
comprises maintaining a number of available queue slots of the plurality of queue slots for the port. 
The fact that Bechtolsheim discusses compensating for different types of networking traffic or flow 
is irrelevant to maintaining a number of available queue slots in a plurality of queue slots. Thus, 
the Examiner has failed to provide a motivation to combine the references. Accordingly, the 
Examiner has failed to state a prima facie obviousness rejection of claim 11. 

Furthermore, no motivation exists to combine the references to meet the limitations of claim 11. 
Claim 11 is directed to managing connectionless datagrams queued at a port on a server. All three 
references are devoid of disclosure in this regard. Because the references and the art fail to suggest the 
claimed method, no motivation can exist to combine the references. Accordingly, claim 11 is 
non-obvious over the cited references. 

CONCLUSION 



The claimed methods and devices are directed to managing connectionless datagrams 
queued at a port on a server, wherein additional datagrams are discarded when the number of 
queued datagrams exceeds a prescribed limit. Thus, the claimed methods and devices discard both 
legitimate and illegitimate datagrams. On the other hand, Wesinger and Reid are directed towards 
firewalls, which seek to prevent illegitimate datagrams from reaching the server in the first place. 
The methods and devices shown in Wesinger and Reid are completely distinct from the claimed 
methods and devices and neither reference shows the limitations of the claims. In addition, 
Bechtolsheim is cumulative to Wesinger for purposes of the rejection of claim 11. Thus, the 
proposed combinations cannot result in the claimed inventions. Furthermore, Wesinger and Reid 
teach away from the claims and no motivation exists to combine the references. Thus, the claims 
are also non-obvious. 

APPENDIX OF CLAIMS 

The claims involved in the appeal are: 

1. (previously presented) A method of preventing a flooding attack on a network server in 
which a large number of connectionless datagrams are received for queuing to a port on the 
network server, comprising: 

determining, in response to the arrival of a connectionless datagram from a host for a port 
on the network server, if the number of connectionless datagrams already queued 
to the port from the host exceeds a prescribed threshold; 

discarding the datagram, if the number of connectionless datagrams already queued to the 
port from the host exceeds the prescribed threshold; and 

queuing the connectionless datagram to a queue slot of the port, if the number of 
connectionless datagrams already queued to the port from the host does not exceed 
the prescribed threshold. 

2. (previously presented) The method of claim 1 wherein the determining if the number of 
datagrams already queued to the port from the host exceeds a prescribed threshold further 
comprises: 

calculating the prescribed threshold by multiplying a percentage P by the number of 
available queue slots for the port. 

3. (previously presented) Apparatus for preventing a flooding attack on a network server in 
which a large number of datagrams are received for queuing to a port on the server, comprising: 

means for determining, in response to a datagram from a host for the port on the network 
server, if the number of datagrams queued on the port by the host exceeds a 
prescribed threshold; 

means responsive to the determining means for discarding 
the datagram, if the number of datagrams queued on the port by the host exceeds 
the prescribed threshold; and 

means for queuing the datagram to a queue slot of the port, if the number of datagrams 
queued on the port by the host does not exceed the prescribed threshold. 

4. (previously presented) The apparatus of claim 3 wherein the means for determining if the 
number of datagrams already queued to the port from the host exceeds a prescribed threshold 
further comprises: 

means for calculating the prescribed threshold by multiplying a percentage P by a number 
of available queue slots for the port. 

5. (previously presented) A storage media containing program code that is operable by a 
computer for preventing a flooding attack on a network server in which a large number of 
datagrams are received for queuing to a port on the network server, the program code including 
instructions for causing the computer to execute the steps of: 

determining if the number of datagrams already queued to the port from the host exceeds 
a prescribed threshold, in response to a datagram from a host for the port on the 
network server; 

discarding the datagram, if the number of datagrams already queued to the port from the 
host exceeds the prescribed threshold; and 

queuing the datagram to a queue slot of the port, if the number of datagrams already 
queued to the port from the host does not exceed the prescribed threshold. 

6. (previously presented) The storage media of claim 5 further comprising the step of: 

calculating the prescribed threshold by multiplying a percentage P by a number of 
available queue slots for the port. 

7. (previously presented) A carrier wave containing program code that is operable by a 
network server for preventing a flooding attack on the network server in which a large number of 
datagrams are received for queuing to a port on the server, the program code including 
instructions for causing the network server to execute the steps of: 

determining, in response to receipt of a datagram from the host for queuing to the port on 
the network server, if the number of datagrams already queued to the port from a 
host exceeds a prescribed threshold; 

discarding the datagram, if the number of datagrams already queued to the port from the 
host exceeds the prescribed threshold; and 

queueing the datagram to the port, if the number of datagrams already queued to the port 
from the host does not exceed the prescribed threshold. 

8. (previously presented) The carrier wave of claim 7 wherein the program code further 
includes instructions for causing the network server to execute the step of: 

calculating the prescribed threshold by multiplying a percentage P by a number of 
available queue slots for the port. 

9. (previously presented) The method of claim 1 further comprising: 

configuring a maximum number of connectionless datagrams allowed to be queued at the 
port. 

10. (previously presented) The method of claim 9 wherein the configuring step further 
includes configuring a controlling percentage of available queue slots remaining for the port; and 

wherein the prescribed threshold is based on the controlling percentage of available queue 
slots remaining for the port. 



11. (previously presented) The method of claim 1 wherein the port comprises a plurality of 
queue slots, the method further comprising: 

maintaining a number of available queue slots of the plurality of queue slots for the port. 

12. (previously presented) The apparatus of claim 3 further comprising: 

a means for configuring a maximum number of connectionless datagrams allowed to be 
queued at the port. 

13. (previously presented) The apparatus of claim 12 wherein the means for configuring 
further comprises configuring a controlling percentage of available queue slots remaining for the 
port. 



14. (previously presented) The storage media of claim 5 wherein the computer is the network 
server. 
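
The admission check recited in claims 1, 2 and 9 through 11, written out as an added example that is not part of the brief or of the application. The class and function names, the integer form of the percentage P, the discard-when-full rule and the sample addresses are assumptions made for illustration.

```python
from collections import Counter, deque


class PortQueue:
    """Queue of connectionless datagrams for one server port (names are hypothetical)."""

    def __init__(self, max_slots, percent):
        self.max_slots = max_slots   # claim 9: configured maximum queued at the port
        self.percent = percent       # claim 10: controlling percentage P, integer 0-100
        self.slots = deque()         # queued (host, payload) pairs, oldest first
        self.per_host = Counter()    # datagrams currently queued per sending host

    def available(self):
        # Claim 11: the number of available queue slots maintained for the port.
        return self.max_slots - len(self.slots)

    def exceeds_threshold(self, host):
        # Claim 2: threshold = P x available slots. Compared in integer form
        # (count * 100 > P * available) so no floating-point rounding is involved.
        return self.per_host[host] * 100 > self.percent * self.available()

    def offer(self, host, payload):
        """Claim 1: discard if the host is over the threshold, otherwise queue."""
        # Assumption: a completely full queue also discards; the claims do not say.
        if self.available() == 0 or self.exceeds_threshold(host):
            return False
        self.slots.append((host, payload))
        self.per_host[host] += 1
        return True

    def take(self):
        """Hand the oldest datagram to the application and free its slot."""
        host, payload = self.slots.popleft()
        self.per_host[host] -= 1
        return host, payload


def simulate_flood():
    """Constructed scenario: one host floods, then a second host sends five datagrams."""
    q = PortQueue(max_slots=100, percent=25)
    flood = sum(q.offer("198.51.100.7", b"x") for _ in range(1000))
    legit = sum(q.offer("192.0.2.10", b"query") for _ in range(5))
    return flood, legit, q.available()


if __name__ == "__main__":
    print(simulate_flood())
```

Because the threshold shrinks as the queue fills, the flooding host's share is capped well before the port runs out of slots, and a host with nothing queued is always admitted while any slot remains.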

EVIDENCE APPENDIX 

There is no evidence to be presented. 

RELATED PROCEEDINGS APPENDIX 

There are no related proceedings. 